AOL hack causes zombie spam

Whether or not you use AOL, a recently exposed mass hack of the company’s network promises trouble for everybody.

AOL users: Hackers stole “a significant number” of email addresses, passwords, contact lists, postal addresses and answers to security questions, the company said in a blog post Monday. Anyone of the company’s 120 million account holders might be affected. Judging by AOL’s description of the incident, that total number could well be in the tens of millions. But AOL isn’t giving any details about the incident for now.

Non-AOL users: Watch out for spam that looks like it came from you or your friends’ AOL accounts.

It’s a double whammy that’s shows just how annoying hackers can be when they loot our contact lists.

Hackers are doing something called email spoofing, and it’s making it seem as if long-discarded AOL email accounts are back and sending spam. Emails appear to come from your friend’s email address because the “From:” field shows their email address. But this spam is actually coming from someone else. Hooligans know who to send spam to because they have your contact list.

RELATED: This is why you should stop using Internet Explorer right now

Although the massive hack likely affected untold millions, AOL estimates only 2% of its email accounts are being spoofed so far. So far, AOL has only been able to redirect these spoofed emails into people’s junk mail folders.

The situation leaves folks like Mindy Sopher of Raleigh, N.C., feeling hopeless. Two weeks ago, she was approached by a few coworkers at the North Carolina State University who said she was spamming them from an AOL account she hadn’t used in years. Curious, she logged in and realized her account wasn’t sending anything. The situation soon grew worse. This was the account she used to teach her public speaking class seven years ago — and her old students were now receiving a flood of one-line emails with questionable links to websites based in Russia and Thailand.

Sopher is overcome by embarrassment and the fear that an unsuspecting ex-student will think the emails are actually from her.

“It’s disheartening,” she said. “I would hate for something to go off on their computer because of me.”

AOL is now asking that all users — current and former — change their credentials. It won’t stop spoofing, but it’ll limit any spillover damage from the larger data breach. Anyone who receives suspicious email is directed to forward the message to AOL_phish@abuse.aol.com.

There’s little else you can do, but you can tell if your account has been targeted, said Gary Davis at antivirus maker McAfee. If you’re getting “mailer daemon” error messages for emails you never sent, and they’re not in your email outbox? You’re being spoofed.

 

 

 

TM & © 2014 Cable News Network, Inc., a Time Warner Company. All rights reserved.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

2 comments

  • Tom

    Dear WGN, I can't believe you posted this. The link to pckeeper is inviting more issues. They will shut down your computer through extortion. Please do a little more investigation before promoting this kind of site. Frankly, you should be sued.

Follow

Get every new post delivered to your Inbox.

Join 513 other followers